Irish Watchdog Fines LinkedIn €310 Million for GDPR Violations
On Thursday, Ireland's data protection authority fined LinkedIn €310 million ($335 million) for privacy violations, citing the platform's use of behavioral analysis of personal data for targeted advertising.
The Data Protection Commission (DPC) said the investigation reviewed LinkedIn's processing of members' data for behavioral analysis and targeted ads, assessing the legality, fairness, and transparency of these practices. This penalty falls under the European Union’s General Data Protection Regulation (GDPR), which governs data privacy in the EU and EEA since May 25, 2018.
The probe began after a 2018 complaint to France’s data regulator and found LinkedIn violated GDPR principles around transparency and fairness, specifically Articles 6, 5(1)(a), 13(1)(c), and 14(1)(c). Infractions included not obtaining explicit consent or fully informing users before using third-party data for ads, and relying on "legitimate interests" for processing first-party data for ad targeting. LinkedIn now has three months to bring its operations in line with GDPR.
The DPC emphasized that valid GDPR consent must be freely given, specific, informed, and clearly indicated by the user, while processing must be fair and transparent. DPC Deputy Commissioner Graham Doyle called compliance with legal processing standards "a fundamental data protection right."
Microsoft-owned LinkedIn responded, saying it believes its practices comply with GDPR but will adjust its ad practices to meet the DPC’s requirements within the deadline.
For Further Reference